CVEs from 2022
Total
5,244
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3924 | medium | — | 5.5 | 3y ago | RHSA-2023:2792: bind9.16 security and bug fix update (Moderate) | |||
| CVE-2022-39282 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39316 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-45939 | medium | — | 5.5 | 3y ago | RHSA-2023:3042: emacs security and bug fix update (Moderate) | |||
| CVE-2022-39320 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-2928 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-2929 | medium | — | 5.5 | 3y ago | RHSA-2023:3000: dhcp security and bug fix update (Moderate) | |||
| CVE-2022-41861 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-32323 | medium | — | 5.5 | 3y ago | RHSA-2023:3067: autotrace security update (Moderate) | |||
| CVE-2022-41724 | medium | — | 5.5 | 3y ago | RHSA-2023:6939: container-tools:rhel8 security and bug fix update (Moderate) | |||
| CVE-2022-41877 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-24765 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-41859 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-41973 | medium | — | 5.5 | 3y ago | RHSA-2023:2948: device-mapper-multipath security and bug fix update (Moderate) | |||
| CVE-2022-39253 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-39260 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-39229 | medium | — | 5.5 | 3y ago | RHSA-2023:2784: grafana security update (Moderate) | |||
| CVE-2022-34303 | medium | — | 5.5 | 3y ago | Moderate: fwupd security and bug fix update | |||
| CVE-2022-35957 | medium | — | 5.5 | 3y ago | Moderate: grafana security and enhancement update | |||
| CVE-2022-41860 | medium | — | 5.5 | 3y ago | RHSA-2023:2870: freeradius:3.0 security update (Moderate) | |||
| CVE-2022-39317 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39283 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-48337 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-50546 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: =========================================… | |||
| CVE-2022-39377 | medium | — | 5.5 | 3y ago | RHSA-2023:2800: sysstat security and bug fix update (Moderate) | |||
| CVE-2022-39318 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-48915 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the th… | |||
| CVE-2022-39347 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-39319 | medium | — | 5.5 | 3y ago | RHSA-2023:2851: freerdp security update (Moderate) | |||
| CVE-2022-3287 | medium | — | 5.5 | 3y ago | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read … | |||
| CVE-2022-50153 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented,… | |||
| CVE-2022-30784 | medium | — | 5.5 | 3y ago | RHSA-2023:2757: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-50344 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix null-ptr-deref in ext4_write_info I caught a null-ptr-deref bug as follows: ===========================================… | |||
| CVE-2022-50403 | medium | — | 5.5 | 3y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-44793 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-2393 | medium | — | 5.5 | 3y ago | Moderate: pki-core security, bug fix, and enhancement update | |||
| CVE-2022-50069 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load anot… | |||
| CVE-2022-40023 | medium | — | 5.5 | 3y ago | RHSA-2023:2893: python-mako security update (Moderate) | |||
| CVE-2022-3190 | medium | — | 5.5 | 3y ago | Moderate: wireshark security and bug fix update | |||
| CVE-2022-50055 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. … | |||
| CVE-2022-29187 | medium | — | 5.5 | 3y ago | RHSA-2023:2859: git security and bug fix update (Moderate) | |||
| CVE-2022-2122 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending… | |||
| CVE-2022-38784 | medium | — | 5.5 | 3y ago | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image co… | |||
| CVE-2022-41723 | medium | — | 5.5 | 3y ago | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||
| CVE-2022-44792 | medium | — | 5.5 | 3y ago | RHSA-2023:2969: net-snmp security and bug fix update (Moderate) | |||
| CVE-2022-50081 | medium | — | 5.5 | 3y ago | RHSA-2022:7683: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2022-3551 | medium | — | 5.5 | 3y ago | A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memor… | |||
| CVE-2022-46344 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potentia… | |||
| CVE-2022-46343 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local pr… | |||
| CVE-2022-46342 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privi… | |||
| CVE-2022-50219 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The… | |||
| CVE-2022-3550 | medium | — | 5.5 | 3y ago | A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It… | |||
| CVE-2022-3598 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-46341 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This i… | |||
| CVE-2022-46340 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger… | |||
| CVE-2022-4283 | medium | — | 5.5 | 3y ago | A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetK… | |||
| CVE-2022-4904 | medium | — | 5.5 | 3y ago | RHSA-2023:7116: c-ares security update (Moderate) | |||
| CVE-2022-50635 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() I found a null pointer reference in arch_prepare_kprobe(): … | |||
| CVE-2022-1920 | medium | — | 5.5 | 3y ago | Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through hea… | |||
| CVE-2022-49081 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that… | |||
| CVE-2022-50228 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, … | |||
| CVE-2022-1924 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrit… | |||
| CVE-2022-50126 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_… | |||
| CVE-2022-2795 | medium | — | 5.5 | 3y ago | RHSA-2023:3002: bind security and bug fix update (Moderate) | |||
| CVE-2022-49058 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_upda… | |||
| CVE-2022-1925 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to… | |||
| CVE-2022-1923 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwr… | |||
| CVE-2022-1921 | medium | — | 5.5 | 3y ago | Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. | |||
| CVE-2022-50730 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: silence the warning when evicting inode with dioread_nolock When evicting an inode with default dioread_nolock, it could be… | |||
| CVE-2022-50717 | medium | — | 5.5 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmet_tcp_handle_h2c_data_pdu(), add a bounds … | |||
| CVE-2022-48339 | medium | — | 5.5 | 3y ago | RHSA-2023:7083: emacs security update (Moderate) | |||
| CVE-2022-41946 | medium | — | 5.5 | 3y ago | Moderate: postgresql-jdbc security update | |||
| CVE-2022-4645 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3204 | medium | — | 5.5 | 3y ago | Moderate: unbound security update | |||
| CVE-2022-3627 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3970 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3597 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3599 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3626 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-3570 | medium | — | 5.5 | 3y ago | Moderate: libtiff security update | |||
| CVE-2022-1922 | medium | — | 5.5 | 3y ago | DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a h… | |||
| CVE-2022-37032 | medium | — | 5.5 | 3y ago | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. | |||
| CVE-2022-37454 | medium | — | 5.5 | 3y ago | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic… | |||
| CVE-2022-2625 | medium | — | 5.5 | 3y ago | RHSA-2023:1576: postgresql:13 security update (Moderate) | |||
| CVE-2022-4899 | medium | — | 5.5 | 3y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2022-45061 | medium | — | 5.5 | 3y ago | Moderate: python3.9 security update | |||
| CVE-2022-45873 | medium | — | 5.5 | 3y ago | systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation m… | |||
| CVE-2022-4415 | medium | — | 5.5 | 3y ago | A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | |||
| CVE-2022-31630 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-48303 | medium | — | 5.5 | 3y ago | RHSA-2023:0842: tar security update (Moderate) | |||
| CVE-2022-40897 | medium | — | 5.5 | 3y ago | RHSA-2024:2987: python27:2.7 security update (Moderate) | |||
| CVE-2022-31631 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31628 | medium | — | 5.5 | 3y ago | RHSA-2023:2903: php:7.4 security update (Moderate) | |||
| CVE-2022-31629 | medium | — | 5.5 | 3y ago | RHSA-2024:10952: php:7.4 security update (Moderate) | |||
| CVE-2022-36760 | medium | — | 5.5 | 3y ago | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… | |||
| CVE-2022-47024 | medium | — | 5.5 | 3y ago | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impa… | |||
| CVE-2022-37436 | medium | — | 5.5 | 3y ago | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers… | |||
| CVE-2022-4900 | medium | — | 5.5 | 3y ago | RHSA-2023:0848: php:8.0 security update (Moderate) | |||
| CVE-2022-4203 | medium | — | 5.5 | 3y ago | Moderate: openssl security and bug fix update | |||
| CVE-2022-2880 | medium | — | 5.5 | 3y ago | Moderate: container-tools:rhel8 security update |